[Snort-devel] report a small bug

Russ Combs rcombs at ...402...
Fri Jul 9 10:31:11 EDT 2010


Thanks to the original reporter of this bug.  We'll see that it is fixed in
the next release.

SF did not call it "small" but it is not what I'd call dangerous.  Apart
from annoying printf()s there really is no ill effect.  The free count in
question is essentially redundant, because the free list it is counting is
properly initialized and the pointer is checked before use.

Thanks for checking.
Russ

On Fri, Jul 9, 2010 at 9:24 AM, L0rd Ch0de1m0rt <l0rdch0de1m0rt at ...2499...>wrote:

> Hello.  I am not intimate with Snort code so pardon if this is a
> stupid question but how serious is this bug?  You call it "small" but
> can there be DoS, code execution, etc.?  We have seen security
> vulnerabilities in the past in Snort and I need to know if I need to
> prioritise my snort patches so I don't get 0wn3d.
>
> Thanks!
>
> -L0rd Ch0de1m0rt
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Sprint
> What will you do first with EVO, the first 4G phone?
> Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20100709/06af3f7e/attachment.html>


More information about the Snort-devel mailing list